Solved

Xcacls Problems : resetting home directories for individual users

Posted on 2006-06-19
15
399 Views
Last Modified: 2010-04-18
I have previously asked a question similar to this when i was figuring out the actual syntax to use for the command.  Now i have done that and have seen the command working i have a further query;

The below command seems to work in the login script as a .CMD file when i am logged in as myslef (a domain admin) but when the script runs when a normal user logs in it returns with 'ERRROR The filename, directory name or volume label syntax is incorrect'

\\[servername]\xcacls.exe "\\[servername]\home\%username%" /T /E /C /G %username%:f /y
pause (just to see it step through)

Just wondering if any expert has any pearls of wisdom on this, before i resort to resetting all home directory access manually and individually.

ANy help would be much appreciated

Thanks
leon

0
Comment
Question by:leont
  • 6
  • 5
  • 2
  • +1
15 Comments
 
LVL 40

Expert Comment

by:RQuadling
Comment Utility
Hi leont,


I think you can only grant rights if the USER running the script has the ability to play with rights.

You cannot (for example) give yourself superduper rights if you are guest.

When you are logging in, the "user" running the script is NOT the same user logging in. This is why you would use the login script to set the rights.

Regards,

Richard Quadling.
0
 
LVL 6

Expert Comment

by:Azhrei1
Comment Utility
can you access the username share on that server while logged in as the user?

http://technet2.microsoft.com/WindowsServer/en/Library/8ec308b8-9229-44bb-acad-707ec1b7f0a91033.mspx?mfr=true
0
 

Author Comment

by:leont
Comment Utility
Thanks for the quick response, in response to Azhrei1's query, they cannot access thier own directories this is why i was looking to do it via login script (xcacls) otherwise i will have to go through every users home profile directory to reset the access right so only they have full control access to their own directories.  Rquadling, i had a feeling it would be something like that, looks like theres no quick way to do this then?

Leon
0
 
LVL 6

Expert Comment

by:Azhrei1
Comment Utility
I will have to agree with Richard, Leon :(
0
 
LVL 40

Expert Comment

by:RQuadling
Comment Utility
OOI. Why not jus leave it in the Login script?

If they don't login, they can't access their files!

If they do, the login script sets the rights and they can access their files.

I don't see any problem.
0
 
LVL 82

Accepted Solution

by:
oBdA earned 500 total points
Comment Utility
Since the user name and the folder name are identical, it's not too difficult to change those permissions at once.
Open a command prompt and enter a test command first (replacing the servername, obviously):
for /d %a in ("\\[servername]\home\*.*") do @ECHO @xcacls "%a" /T /E /C /G %Userdomain%\%~nxa:f /y
If this generates the correct output, remove the @echo above:
for /d %a in ("\\[servername]\home\*.*") do @xcacls "%a" /T /E /C /G %Userdomain%\%~nxa:f /y

If you prefer to put this into a batch script, replace the "%a" by "%%a" (the ECHO for the test mode is still there):

@echo off
for /d %%a in ("\\[servername]\home\*.*") do ECHO xcacls "%%a" /T /E /C /G %Userdomain%\%%~nxa:f /y
0
 

Author Comment

by:leont
Comment Utility
Hi RQuadling, Thats the root problem, all the home drives where migrated from one server to another and they lost their individual full control access rights and thats what i'm trying to restore when they logon so only the user logging in can access thier own home drive and no one elses, that script works if its a domain admin user logging in but doesn't when the normal user logs in

leon
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 40

Expert Comment

by:RQuadling
Comment Utility
Aha!

Hmm.

I was just about to suggest oBdA's answer. As the usernames are the directory names, then a one shot of for /D will do the trick.
0
 

Author Comment

by:leont
Comment Utility
i will have a look at that.

Thanks
0
 

Author Comment

by:leont
Comment Utility
Hi everyone sorry for the delay in responding to close this question, wondering if someone could advise, as while i agree some of the suggestions may work in certain circumstances, i have eventually reverted to way i was originally going to do it so don't know who to assign the points to.  I was going to split the points between RQuading and oBdA, if anyone has any problems with this please let me know.

Thanks
Leon
0
 
LVL 40

Expert Comment

by:RQuadling
Comment Utility
What way did you use?
0
 
LVL 40

Expert Comment

by:RQuadling
Comment Utility
I have to say that oBdA's answer is right on the button for a one off fix.
0
 

Author Comment

by:leont
Comment Utility
Thanks RQuading, i'll give oBdA the points then if thats ok.  In answer to your first question i took the cowards wayout of this one and reset all the home drive directories to a path that didn't exist i.e.

\\[servername]\homes\%username% (where homes doesn't exist) then went into each individual AD settings and changed it to;
\\[servername]\home\%username% and when the re-mapping is applied it resets the access for the user.

Long winded I know, good job i've only got around 400 users!!

thanks everyone.  I will look into the oBdA gave for future use but not that use to scripting, so i'll look through and figure out what that script actually does for myself.

again many thanks.

Leon
0
 
LVL 82

Expert Comment

by:oBdA
Comment Utility
Have a look here, nice resources for batch scripting: http://www.robvanderwoude.com/
0
 

Author Comment

by:leont
Comment Utility
Many thanks oBdA

Leon
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
This video discusses moving either the default database or any database to a new volume.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now